Cyber attacks cost UK businesses £18 billion in lost revenue and £16 billion in increased IT spending per year as a result of breaches. And the issue is widespread, 81 percent of UK businesses reported a breach in 2014. Register today for this free webcast to find out more as we discuss..

Following the outstanding success of our 2015 event, SC Congress is returning to London on 10 February 2016. Join hundreds of your information security colleagues to hear the latest news and analysis and to experience the latest solutions in cyber-security. Register today for free.

British Phonographic Industry set to be hit by Anonymous-led DDoS after American sites are brought down in protest against file sharing

The 4Chan cyber espionage group has conducted a targeted attack on media associations in a purported retaliation for sponsored hits against file sharing sites.

This morning, attacks against the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) concluded after 37 service interruptions and one hour and 37 minutes of downtime.

The group, who were reportedly behind an attack on the Church of Scientology and attacks against the application of web filters in Australia in the past, were apparently retaliating against news that the film industry is employing ‘cyber hitmen' to launch attacks that take out websites hosting illegal movies.

Speaking to the Sydney Morning Herald earlier this month, Girish Kumar, managing director of Aiplex Software, said that it had looked for hackers prepared to bring the sites down. He said: “How can we put the site down? The only means that we can put the site down is [by launching a] denial-of-service [attack]. Basically we have to flood [the site] with millions and millions of requests and put the site down."

Following this news, Anonymous set their sights on the industry bodies, with the British Phonographic Industry set to be hit at 4pm today. The BPI was contacted for comment, but at the time of writing there was no response.

In an initial announcement titled ‘We are Anonymous', it said that ‘for the past 72 hours it had brought down the oppressive RIAA and MPAA.' It said: “These corperations (sic) have fought to restrict our freedoms. They chose the tatic (sic): DDoS. It is only fair that we return in kind.

“We brought them down the same way they brought down The Pirate Bay, with a distributed denial of service. Since such activity is normally reproachable, they did not do it themselves. They hired aiplex.com (sic) who has been taken care of as well. They struck first, but we struck harder.

“There is one corperation (sic) that has so far escaped our notice. BPI, the British Phonographic Industry. While they did not directly attack Pirate Bay, they are also working to stop the spread of information.”

It then points to an open source download site where code can be used to launch a DDoS attack. The site currently shows that 89 per cent of 167 users recommend the project, with one user commenting that it is ‘useful and has been used in many interwebz warz, like operation titstorm and the cleaning out scientology'.

Panda Labs detected the attack against the RIAA, and said that the RIAA website had experienced 24 downtimes since the attack started. It also found that in addition to the attack, Anonymous/4Chan members also attempted to ‘Google bomb', effectively influence the ranking of particular pages, with the phrase ‘Robert Pisano MPAA CEO arrested for child molestation!'.

Meanwhile the MPAA was down for 21 hours and 49 minutes after its website was brought down in only eight minutes.

Calling it a ‘surgical strike', Sean-Paul Correll, threat researcher and security evangelist at Panda Security, said that not only does Anonymous have the collective man power, but according to an announcement by ‘image', they will also be using botnets to assist in the attack against the MPAA.

He said: “How do you stop the collective man power of an entire internet community? You can seize equipment, hunt down the originators of the attack, but this is a group who has prided themselves in remaining anonymous, and have done so very well through the power of the internet. This is the future of cyber protests.”

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.